550-5.7.26 Unauthenticated email from gmail.com is not accepted due to domain's 550-5.7.26 DMARC policy.

B

BiteMyElbow

Member
Jul 5, 2021
31
0
11
39
Redirected mails are sometimes bounced from Gmail.

We have PMG installed if front of Exchange 2013. All income and otcome mail goes through PMG as it is our edge mail server.

We have a simple forward rule, "if the mail arrives at user's mailbox user1@ourcorporatedomain.com send a copy to user1privatemaillbox@gmail.com".

And it works BUT NOT EVERY TIME:
1700225745807.png

Bounced messages are similar:
Code: 
Nov 17 12:59:38 PMG postfix/smtpd[466447]: connect from exchange2013.localdomain.local[172.30.21.112]
Nov 17 12:59:39 PMG postfix/smtpd[466447]: 01DBA161AB3: client exchange2013.localdomain.local[172.30.21.112]
Nov 17 12:59:39 PMG postfix/cleanup[466358]: 01DBA161AB3: message-id=<CALq2_DYqJU-3=gjX9-Dr2VgR=AgQUvbmhCwhqQQtT7d8mv64mg@mail.gmail.com>
Nov 17 12:59:39 PMG postfix/qmgr[829]: 01DBA161AB3: from=<user1@ourcorporatedomain.com>, size=119516, nrcpt=1 (queue active)
Nov 17 12:59:39 PMG postfix/smtpd[466447]: disconnect from excnahge2013.localdomain.local[172.30.21.112] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Nov 17 12:59:39 PMG pmg-smtp-filter[466486]: 161ABA6557398B0ECD9: new mail message-id=<CALq2_DYqJU-3=gjX9-Dr2VgR=AgQUvbmhCwhqQQtT7d8mv64mg@mail.gmail.com>#012
Nov 17 12:59:39 PMG postfix/smtpd[466340]: connect from localhost.localdomain[127.0.0.1]
Nov 17 12:59:39 PMG postfix/smtpd[466340]: 24B5A161ABF: client=localhost.localdomain[127.0.0.1], orig_client=exchange2013.localdomain.local[172.30.21.112]
Nov 17 12:59:39 PMG postfix/cleanup[466335]: 24B5A161ABF: message-id=<CALq2_DYqJU-3=gjX9-Dr2VgR=AgQUvbmhCwhqQQtT7d8mv64mg@mail.gmail.com>
Nov 17 12:59:39 PMG postfix/cleanup[466335]: 24B5A161ABF: resent-message-id=<20231117095939.24B5A161ABF@PMG.localdomain.local>
Nov 17 12:59:39 PMG postfix/qmgr[829]: 24B5A161ABF: from=<user1@ourcorporatedomain.com>, size=118723, nrcpt=1 (queue active)
Nov 17 12:59:39 PMG postfix/smtpd[466340]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Nov 17 12:59:39 PMG pmg-smtp-filter[466486]: 161ABA6557398B0ECD9: accept mail to <user1privatemaillbox@gmail.com> (24B5A161ABF) (rule: default-accept)
Nov 17 12:59:39 PMG pmg-smtp-filter[466486]: 161ABA6557398B0ECD9: processing time: 0.142 seconds (0, 0.049, 0)
Nov 17 12:59:39 PMG postfix/lmtp[466336]: 01DBA161AB3: to=<user1privatemaillbox@gmail.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=0.2, delays=0.01/0/0.04/0.15, dsn=2.5.0, status=sent (250 2.5.0 OK (161ABA6557398B0ECD9))
Nov 17 12:59:39 PMG postfix/qmgr[829]: 01DBA161AB3: removed
Nov 17 12:59:39 PMG postfix/smtp[466458]: 24B5A161ABF: to=<user1privatemaillbox@gmail.com>, relay=gmail-smtp-in.l.google.com[108.177.14.27]:25, delay=0.5, delays=0.05/0/0.08/0.37, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[108.177.14.27] said: 550-5.7.26 Unauthenticated email from gmail.com is not accepted due to domain's 550-5.7.26 DMARC policy. Please contact the administrator of gmail.com domain 550-5.7.26 if this was a legitimate mail. Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. u18-20020a2e1412000000b002c01ec81656si518844ljd.149 - gsmtp (in reply to end of DATA command))
Nov 17 12:59:39 PMG postfix/qmgr[829]: 24B5A161ABF: removed

Both SFP and DMARC records are configured correctly.
SPF: v=spf1 a mx -all
DMARC: v=DMARC1;p=quarantine;rua=mailto:soa@ourcorporatedomain.com;ruf=mailto:soa@ourcorporatedomain.com;fo=1

I search for resolution on PMG forum but was unable to find one.

How can we fix it?
 
Last edited:
hi,

could it be that the mails not working have a 'from' header that includes a gmail.com address? if yes then this is the point of dmarc, since
gmail says: 'from gmail only with valid dmarc' but you don't have a valid dmarc header for the from (assuming it contains gmail)

if not, can you post the header of such a mail?
 
dcsapak said:
hi,

could it be that the mails not working have a 'from' header that includes a gmail.com address? if yes then this is the point of dmarc, since
gmail says: 'from gmail only with valid dmarc' but you don't have a valid dmarc header for the from (assuming it contains gmail)

if not, can you post the header of such a mail?
Click to expand...

Thanks for answer and sorry for my late reaction.
I solved my problem by double checking DKIM and DMARC. DKIM was not working for my second domain. I fixed it and the problem does away. Thank you for your help.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom